CVE-2017-14098
published 2017-09-02


Priority: P352, high
CVSS 3.0 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 50.05% (98.8th percentile)
In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

Affected

58 affected version ranges (page shows 25)

Vendor        Product    Version range                               Fixed in
debian        asterisk   < asterisk 1:13.17.1~dfsg-1 (bullseye)      asterisk 1:13.17.1~dfsg-1 (bullseye)
digium        asterisk   (version range not listed)                  (fixed version not listed)

Detection & IOCs (extracted from sources)

  • Crash triggered by a crafted tel URI in SIP From, To, or Contact headers processed by the pjsip channel driver (res_pjsip)
  • Vulnerable component is the res_pjsip module in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1; monitor SIP traffic for malformed tel URIs in these headers targeting those versions
  • Upstream security advisory for CVE-2017-14098 is AST-2017-007; refer to it for full technical details and patch
  • Official Asterisk security advisory and patch available at the Asterisk downloads security page

CVSS provenance

Source          CVSS version   Score   Severity   Vector
nvd             v3.0           7.5     HIGH       CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd             v2.0           5.0     MEDIUM     AV:N/AC:L/Au:N/C:N/I:N/A:P
osv             -              7.5     HIGH       -
vendor_debian   -              7.5     HIGH       -